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1 Extended static checking for Java 

Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, Raymie 
Stata 

May 2002 ACM SIGPLAN Notices , Proceedings of the ACM SIGPLAN 2002 Conference 
on Programming language design and implementation PLDI '02, volume 37 
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Full text available: | | pdf(257.73 KB) 



Software development and maintenance are costly endeavors. The cost can be reduced if 
more software defects are detected earlier in the development cycle. This paper 
introduces the Extended Static Checker for Java (ESC/Java), an experimental compile- 
time program checker that finds common programming errors. The checker is powered by 
verification-condition generation and automatic theorem-proving techniques. It provides 
programmers with a simple annotation language with which programmer design de ... 



Keywords: compile-time program checking 



Types for safe locking: Static race detection for Java 
Martin Abadi, Cormac Flanagan, Stephen N. Freund 

March 2006 ACM Transactions on Programming Languages and Systems (TOPLAS), 

Volume 28 Issue 2 

Publisher: ACM Press 

Full text available: pdf(1.49 MB) Additional Information: full citation , abstract , references , index terms 

This article presents a static race-detection analysis for multithreaded shared-memory 
programs, focusing on the Java programming language. The analysis is based on a type 
system that captures many common synchronization patterns. It supports classes with 
internal synchronization, classes that require client-side synchronization, and thread-local 
classes. In order to demonstrate the effectiveness of the type system, we have 
implemented it in a checker and applied it to over 40,000 lines of hand- ... 

Keywords: Concurrent programs, race conditions, type inference, type system 
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Many important classes of bugs result from invalid assumptions about the results of 
functions and the values of parameters and global variables. Using traditional methods, 
these bugs cannot be detected efficiently at compile-time, since detailed cross-procedural 
analyses would be required to determine the relevant assumptions. In this work, we 
introduce annotations to make certain assumptions explicit at interface points. An efficient 
static checking tool that exploits these annotations can dete ... 
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Jeremy W. Nimmer, Michael D. Ernst 

November 2002 Proceedings of the 10th ACM SIGSOFT symposium on Foundations of 

software engineering 
Publisher: ACM Press 
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Full text available: "pi pdfd 15.22 KB) 

li:;;J ~^ terms 

Static checking can verify the absence of errors in a program, but often requires written 
annotations or specifications. As a result, static checking can be difficult to use effectively: 
it can be difficult to determine a specification and tedious to annotate programs. 
Automated tools that aid the annotation process can decrease the cost of static checking 
and enable it to be more widely used.This paper describes an evaluation of the 
effectiveness of two techniques, one static and one dynamic, t ... 

Session 2: dynamic program analysis: Invariant inference for static checking: an 

empirical evaluation 
Jeremy W. Nimmer, Michael D. Ernst 

November 2002 ACM SIGSOFT Software Engineering Notes, Volume 27 issue 6 
Publisher: ACM Press 

Full text available: pdfd. 25 MB) Additional Information: full citation , abstract , references 

Static checking can verify the absence of errors in a program, but often requires written 
annotations or specifications. As a result, static checking can be difficult to use effectively: 
it can be difficult to determine a specification and tedious to annotate programs. 
Automated tools that aid the annotation process can decrease the cost of static checking 
and enable it to be more widely used.This paper describes an evaluation of the 
effectiveness of two techniques, one static and one dynamic, t ... 

A serializabilitv violation detector for shared-memory server programs 
Min Xu, Rastislav Bodik, Mark D. Hill 

June 2005 ACM SIGPLAN Notices , Proceedings of the 2005 ACM SIGPLAN conference 
on Programming language design and implementation PLDI '05, volume 40 

Issue 6 

Publisher: ACM Press 

Full text available: ^ pdf(326.11 KB) Additional Information: full citation , abstract , references , index terms 

We aim to improve reliability of multithreaded programs by proposing a dynamic detector 
that detects potentially erroneous program executions and their causes. We design and 
evaluate a Serializability Violation Detector (SVD) that has two unique goals: (I) 
triggering automatic recovery from erroneous executions using backward error recovery 
(BER), or simply alerting users that a software error may have occurred; and (II) helping 
debug programs by revealing causes of error symptoms.Two pro ... 

Keywords: multithreading, race conditions, serializability 
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Issue 5 

Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings , index 
terms 

We present a system for extending standard type systems with flow-sensitive type 
qualifiers. Users annotate their programs with type qualifiers, and inference checks that 
the annotations are correct. In our system only the type qualifiers are modeled flow- 
sensitively— the underlying standard types are unchanged, which allows us to obtain an 
efficient constraint-based inference algorithm that integrates flow-insensitive alias 
analysis, effect inference, and ideas from linear type systems to supp ... 

Keywords: alias analysis, constraints, effect inference, flow-sensitivity, linux kernel, 
locking, restrict, type qualifiers, types 



ARCHER: using symbolic, path-sensitive analysis to detect memory access errors 
Yichen Xie, Andy Chou, Dawson Engler 

September 2003 ACM SIGSOFT Software Engineering Notes , Proceedings of the 9th 
European software engineering conference held jointly with 11th 
ACM SIGSOFT international symposium on Foundations of software 
engineering ESEC/FSE-11, Volume 28 issue 5 

Publisher: ACM Press 
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Full text available: fia pdf(582.35 KB) ; — 
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Memory corruption errors lead to non-deterministic, elusive crashes. This paper describes 
ARCHER (ARray CHeckER) a static, effective memory access checker. ARCHER uses path- 
sensitive, interprocedural symbolic analysis to bound the values of both variables and 
memory sizes. It evaluates known values using a constraint solver at every array access, 
pointer dereference, or call to a function that expects a size parameter. Accesses that 
violate constraints are flagged as errors. Those that ar ... 

Keywords: buffer overflow, buffer overrun, error detection, memory access errors, 
security, static analysis 



9 Detecting race conditions in larg e programs 
A Cormac Flanagan, Stephen N. Freund 

^ June 2001 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program 
analysis for software tools and engineering 
Publisher: ACM Press 

Full text available- ffipdff163.40 KB) Additional Information: full citation , abstract, references , citing index 

terms 

The race condition checker \rcc{> statically identifies potential races in concurrent Java 
programs. This paper describes improvements to \rcc{} that enable it to be used on 
large, realistic programs. These improvements include not only extensions to the 
underlying analysis, but also an annotation inference algorithm and a user interface to 
help programmers understand warnings generated by the tool. Experience with programs 
containing up to 500,000 lines of code indicate that it is an ef ... 

10 An instructional interpreter for basic 
Avron Barr, Marian Beard 

February 1976 ACM SIGCSE Bulletin , ACM SIGCUE Outlook , Proceedings of the ACM 
SIGCSE-SIGCUE technical symposium on Computer science and 

education, Volume 8 , 10 Issue 1 , SI 

Publisher: ACM Press 
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The BASIC Instructional Program (BIP) was developed to investigate tutorial modes of 
interaction in computer-assisted instruction (CAI). BIP is a problem-solving laboratory 
that helps students while they are solving introductory programming problems in the 
BASIC language. The problems are presented in an individualized sequence based on a 
representation of the structure of the curriculum and a model of the student's state of 
knowledge. This paper describes the BIP system, with emphasis on r ... 

11 Implementation of the Sentry System H 
Sarah E. Chodrow, Mohamed G. Gouda 

May 1994 Technical Report 
Publisher: University of Texas at Austin 
Additional Information: full citation , abstract 

The sentry of a concurrent program P is a program that observes the execution of P, and 
issues a warning if P does not behave correctly with respect to a given set of logical 
properties (due to a programming error or a failure). The synchronization between the 
program and sentry is such that the program never waits for the sentry, the shared 
storage between them is very small (in fact linear in the number of program variables 
being observed), and the snapshots read by the sentry are consistent. ... 

12 Grammatical analysis by computer of the Lancaster-Oslo/Bergen (LOB) corpus of 

British English texts 
Andrew David Beale 

July 1985 Proceedings of the 23rd annual meeting on Association for Computational 
Linguistics 

Publisher: Association for Computational Linguistics 
Full text available: P | pdff 581. 37 KB) 

Additional Information: full citation , abstract , references , citings 

Publisher Site 

Research has been under way at the unit for Computer Research on the English Language 
at the University of Lancaster, England, to develop a suite of computer programs which 
provide a detailed grammatical analysis of the LOB corpus, a collection of about 1 million 
words of British English texts available in machine readable form.The first phrase of the 
project, completed in September 1983, produced a grammatically annotated version of 
the corpus giving a tag showing the word class of each word to ... 

13 A type and effect system for atomicity 
Cormac Flanagan, Shaz Qadeer 

V May 2003 ACM SIGPLAN Notices , Proceedings of the ACM SIGPLAN 2003 conference 
on Programming language design and implementation PLDI '03, volume 38 

Issue 5 

Publisher: ACM Press 

r ., * + i u. osst j f /o CC „d\ Additional Information: full citation , abstract , references , citings , index 
Full text available: rm pdf(266.52 KB) 

LiJ " terms 

Ensuring the correctness of multithreaded programs is difficult, due to the potential for 
unexpected and nondeterministic interactions between threads. Previous work addressed 
this problem by devising tools for detecting race conditions, a situation where two threads 
simultaneously access the same data variable, and at least one of the accesses is a write. 
However, verifying the absence of such simultaneous-access race conditions is neither 
necessary nor sufficient to ensure the absence o ... 

Keywords: atomicity, multithreading, race conditions, static checking 



14 A probabilistic approach to grammatical analysis of written English by computer 
Andrew David Beale 

March 1985 Proceedings of the second conference on European chapter of the 

Association for Computational Linguistics 
Publisher: Association for Computational Linguistics 
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Work at the Unit for Computer Research on the English Language at the University of 
Lancaster has been directed towards producing a grammatically annotated version of the 
Lancaster-Oslo/Bergen (LOB) Corpus of written British English texts as the preliminary 
stage in developing computer programs and data files for providing a grammatical 
analysis of unrestricted English text. From 1981-83, a suite of PASCAL programs was 
devised to automatically produce a single level of grammatical description wi ... 

15 Automatic generation of program specifications H 
Jeremy W. Nimmer, Michael D. Ernst 

July 2002 ACM SIGSOFT Software Engineering Notes , Proceedings of the 2002 ACM 
SIGSOFT international symposium on Software testing and analysis ISSTA 

'02, Volume 27 Issue 4 

Publisher: ACM Press 

Full text available: ° g pdf(154.41 KB) Additional Information: full citation , abstract , references , citings 

Producing specifications by dynamic (runtime) analysis of program executions is 
potentially unsound, because the analyzed executions may not fully characterize all 
possible executions of the program. In practice, how accurate are the results of a dynamic 
analysis? This paper describes the results of an investigation into this question, 
determining how much specifications generalized from program runs must be changed in 
order to be verified by a static checker. Surprisingly, small test suites cap ... 



16 Type-based race detection for Java 
Cormac Flanagan, Stephen N. Freund 

May 2000 ACM SIGPLAN Notices , Proceedings of the ACM SIGPLAN 2000 conference 
on Programming language design and implementation PLDI '00, volume 35 

Issue 5 

Publisher: ACM Press 
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Full text available: W\ pdf(237.37 KB) 
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This paper presents a static race detection analysis for multithreaded Java programs. Our 
analysis is based on a formal type system that is capable of capturing many common 
synchronization patterns. These patterns include classes with internal synchronization, 
classes thatrequire client-side synchronization, and thread-local classes. Experience 
checking over 40,000 lines of Java code with the type system demonstrates that it is an 
effective approach for eliminating races conditions. On lar ... 

17 Untrusted hosts and confidentiality: secure program partitioning I 

❖ Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers 
October 2001 ACM SIGOPS Operating Systems Review , Proceedings of the eighteenth 
ACM symposium on Operating systems principles SOSP '01, Volume 35 issue 
5 

Publisher: ACM Press 

p ii • ■ 1 ui j*/* Additional Information: full citation , abstract , references , citings , index 

Full text available: T? 3 pdf(1.36 MB) ' 
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This paper presents secure program partitioning, a language-based technique for 
protecting confidential data during computation in distributed systems containing mutually 
untrusted hosts. Confidentiality and integrity policies can be expressed by annotating 
programs with security types that constrain information flow; these programs can then be 
partitioned automatically to run securely on heterogeneously trusted hosts. The resulting 
communicating subprograms collectively implement the original p ... 

18 Secure program partitioning 
Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers 
August 2002 ACM Transactions on Computer Systems (TOCS), volume 20 issue 3 

Publisher: ACM Press 
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This paper presents secure program partitioning, a language-based technique for 
protecting confidential data during computation in distributed systems containing mutually 
untrusted hosts. Confidentiality and integrity policies can be expressed by annotating 
programs with security types that constrain information flow; these programs can then be 
partitioned automatically to run securely on heterogeneously trusted hosts. The resulting 
communicating subprograms collectively implement the original p ... 

Keywords: Confidentiality, declassification, distributed systems, downgrading, integrity, 
mutual distrust, secrecy, security policies, type systems 
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v|k Koichi Fukunaga, Shin-ichi Hirose 

V June 1986 ACM SIGPLAN Notices , Conference proceedings on Object-oriented 

programming systems, languages and applications OOPLSA '86, volume 21 

Issue 11 

Publisher: ACM Press 
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Full text available: f?.n pdf(793.08 KB) 
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This paper presents an experience with a programming language SPOOL which is based 
on the combination of object-oriented programming and logic programming. This 
language inherits the capability of knowledge base organization from object-oriented 
programming and its expressive power from logic programming. The experience of the 
application of SPOOL to the program annotation system showed that this combination was 
quite useful to formalize domain knowledge into declarative data type ... 



20 Security and privacy: Securing web application code by static analysis and runtime Q 
^ protection 

^ Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo 
May 2004 Proceedings of the 13th international conference on World Wide Web 

Publisher: ACM Press 

Full text available: "|| pdf(2.67 MB) Additional Information: full citation , abstract , references , index terms 

Security remains a major roadblock to universal acceptance of the Web for many kinds of 
transactions, especially since the recent sharp increase in remotely exploitable 
vulnerabilities have been attributed to Web application bugs. Many verification tools are 
discovering previously unknown vulnerabilities in legacy C programs, raising hopes that 
the same success can be achieved with Web applications. In this paper, we describe a 
sound and holistic approach to ensuring Web application security. Vi ... 

Keywords: information flow, noninterference, program security, security vulnerabilities, 
type systems, verification, web application security 
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Software development and maintenance are costly endeavors. The cost can be reduced if 
more software defects are detected earlier in the development cycle. This paper 
introduces the Extended Static Checker for Java (ESC/Java), an experimental compile- 
time program checker that finds common programming errors. The checker is powered by 
verification-condition generation and automatic theorem-proving techniques. It provides 
programmers with a simple annotation language with which programmer design de ... 
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